computer-automation

Fail

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the AI agent to execute shell commands using the Bash tool where user-provided natural language is interpolated into command arguments, such as the --prompt and --locate parameters. This pattern is vulnerable to command injection if the user input contains shell metacharacters (e.g., backticks, pipes, or semicolons), potentially allowing the execution of arbitrary commands on the host system.
  • [REMOTE_CODE_EXECUTION]: The skill relies on npx to fetch and execute the @midscene/computer package dynamically from the npm registry during runtime.
  • [DATA_EXFILTRATION]: The skill captures screenshots of the desktop to perform vision-based automation. This creates a surface for the accidental exposure of sensitive data (such as credentials, private messages, or financial information) that may be visible on the screen during the automation process.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 29, 2026, 05:41 AM
Security Audit — agent-trust-hub — computer-automation